inspec 0.9.0

data/test/integration/default/user_spec.rb

@@ -0,0 +1,44 @@
+# encoding: utf-8
+
+# root test
+if ['centos', 'fedora', 'opensuse', 'debian', 'ubuntu'].include?(os[:family])
+
+  userinfo = {
+    name: 'root',
+    group: 'root',
+    uid: 0,
+    gid: 0,
+    groups: ["root"],
+    home: '/root',
+    shell: '/bin/bash',
+  }
+
+  # different groupset for centos 5
+  userinfo[:groups] = ["root", "bin", "daemon", "sys", "adm", "disk", "wheel"] if os[:release].to_i == 5
+
+elsif ['freebsd'].include?(os[:family])
+
+  userinfo = {
+    name: 'root',
+    group: 'wheel',
+    uid: 0,
+    gid: 0,
+    groups: ["wheel", "operator"],
+    home: '/root',
+    shell: '/bin/csh',
+  }
+
+else
+  userinfo = {}
+end
+
+describe user(userinfo[:name]) do
+  it { should exist }
+  it { should belong_to_group userinfo[:group] }
+  its('uid') { should eq userinfo[:uid] }
+  its('gid') { should eq userinfo[:gid] }
+  its('group') { should eq userinfo[:group] }
+  its('groups') { should eq userinfo[:groups] }
+  its('home') { should eq userinfo[:home] }
+  its('shell') { should eq userinfo[:shell] }
+end

data/test/resource/command_test.rb

@@ -0,0 +1,33 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+describe command('echo hello') do
+  its(:stdout) { should eq "hello\n" }
+  its(:stderr) { should eq '' }
+  its(:exit_status) { should eq 0 }
+end
+
+describe command('>&2 echo error') do
+  its(:stdout) { should eq '' }
+  its(:stderr) { should eq "error\n" }
+  its(:exit_status) { should eq 0 }
+end
+
+describe command('exit 123') do
+  its(:stdout) { should eq '' }
+  its(:stderr) { should eq '' }
+  its(:exit_status) { should eq 123 }
+end
+
+describe command('/bin/sh').exist? do
+  it { should eq true }
+end
+
+describe command('sh').exist? do
+  it { should eq true }
+end
+
+describe command('this is not existing').exist? do
+  it { should eq false }
+end

data/test/resource/dsl_test.rb

@@ -0,0 +1,45 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+describe command('echo hello') do
+  its(:stdout) { should eq "hello\n" }
+end
+
+describe 'describe + it + expect' do
+  it 'should echo something' do
+	  out = rand.to_s
+		expect(command("echo -n #{out}").stdout).to eq(out)
+  end
+end
+
+describe 'describe and expect without it' do
+  it 'will raise an error' do
+    expect(proc{
+      describe rand.to_s do
+  	    expect(true).to eq(true)
+      end
+    }).to raise_error StandardError
+  end
+end
+
+rule 'rule + describe' do
+  out = rand.to_s
+  describe command("echo -n #{out}") do
+    its('stdout') { should eq out }
+  end
+end
+
+rule 'rule + describe + it + expect' do
+  out = rand.to_s
+  describe 'a rule' do
+    it 'must echo something' do
+      expect(command("echo -n #{out}").stdout).to eq(out)
+    end
+  end
+end
+
+rule 'rule + expect only' do
+  out = rand.to_s
+  expect(command("echo -n #{out}").stdout).to eq(out)
+end

data/test/resource/file_test.rb

@@ -0,0 +1,130 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+describe file('/tmp') do
+  it { should exist }
+end
+
+describe file('/tmpest') do
+  it { should_not exist }
+end
+
+describe file('/tmp') do
+  its(:type) { should eq :directory }
+  it { should be_directory }
+end
+
+describe file('/proc/version') do
+  its(:type) { should eq :file }
+  it { should be_file }
+  it { should_not be_directory }
+end
+
+describe file('/dev/stdout') do
+  its(:type) { should eq :symlink }
+  it { should be_symlink }
+  it { should_not be_file }
+  it { should_not be_directory }
+end
+
+describe file('/dev/zero') do
+  its(:type) { should eq :character_device }
+  it { should be_character_device }
+  it { should_not be_file }
+  it { should_not be_directory }
+end
+
+# describe file('...') do
+#   its(:type) { should eq :block_device }
+#   it { should be_block_device }
+# end
+
+# describe file('...') do
+#   its(:type) { should eq :socket }
+#   it { should be_socket }
+# end
+
+# describe file('...') do
+#   its(:type) { should eq :pipe }
+#   it { should be_pipe }
+# end
+
+describe file('/dev') do
+  its(:mode) { should eq 00755 }
+end
+
+describe file('/dev') do
+  it { should be_mode 00755 }
+end
+
+describe file('/root') do
+  its(:owner) { should eq 'root' }
+end
+
+describe file('/dev') do
+  it { should be_owned_by 'root' }
+end
+
+describe file('/root') do
+  its(:group) { should eq 'root' }
+end
+
+describe file('/dev') do
+  it { should be_grouped_into 'root' }
+end
+
+describe file('/dev/kcore') do
+  its(:link_path) { should eq '/proc/kcore' }
+end
+
+describe file('/dev/kcore') do
+  it { should be_linked_to '/proc/kcore' }
+end
+
+describe file('/proc/cpuinfo') do
+  its(:content) { should match /^processor/ }
+end
+
+describe file('/').mtime.to_i do
+  it { should <= Time.now.to_i }
+  it { should >= Time.now.to_i - 1000}
+end
+
+describe file('/') do
+  its(:size) { should be > 64 }
+  its(:size) { should be < 10240 }
+end
+
+describe file('/proc/cpuinfo') do
+  its(:size) { should be 0 }
+end
+
+# @TODO selinux_label
+
+# @TODO skip as the mount command is not reliably present on all test containers
+# describe file('/proc') do
+#   it { should be_mounted }
+# end
+
+describe file('/proc/cpuinfo') do
+  it { should_not be_mounted }
+end
+
+# @TODO immutable?
+# @TODO product_version
+# @TODO file_version
+# @TODO version?
+
+require 'digest'
+cpuinfo = file('/proc/cpuinfo').content
+
+md5sum = Digest::MD5.hexdigest(cpuinfo)
+describe file('/proc/cpuinfo') do
+  its(:md5sum) { should eq md5sum }
+end
+
+sha256sum = Digest::SHA256.hexdigest(cpuinfo)
+describe file('/proc/cpuinfo') do
+  its(:sha256sum) { should eq sha256sum }
+end

data/test/resource/ssh_config.rb

@@ -0,0 +1,9 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+return unless command('ssh').exist?
+
+describe ssh_config do
+  its('SendEnv') { should include('GORDON_CLIENT') }
+end

data/test/resource/sshd_config.rb

@@ -0,0 +1,9 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+return unless command('sshd').exist?
+
+describe sshd_config do
+  its('AcceptEnv') { should include('GORDON_SERVER') }
+end

data/test/test-extra.yaml

@@ -0,0 +1,11 @@
+images:
+- centos:5.11
+- centos:7.0.1406
+- debian:6.0.10
+- fedora:20
+- oraclelinux:5.11
+- oraclelinux:6.7
+- oraclelinux:7.1
+- ubuntu:10.04
+- ubuntu:13.04
+- ubuntu:15.10

data/test/test.yaml

@@ -0,0 +1,11 @@
+images:
+- centos:6.6
+- centos:6.7
+- centos:7.1.1503
+- debian:7.9
+- debian:8.2
+- fedora:21
+- fedora:22
+- ubuntu:12.04
+- ubuntu:14.04
+- ubuntu:15.04

data/test/unit/mock/cmd/Get-NetAdapter

@@ -0,0 +1,24 @@
+[
+    {
+        "Name":  "vEthernet (Intel(R) PRO 1000 MT Network Connection - Virtual Switch)",
+        "InterfaceDescription":  "Hyper-V Virtual Ethernet Adapter #2",
+        "Status":  "Up",
+        "State":  2,
+        "MacAddress":  "00-0C-29-E3-48-9B",
+        "LinkSpeed":  "10 Gbps",
+        "ReceiveLinkSpeed":  10000000000,
+        "TransmitLinkSpeed":  10000000000,
+        "Virtual":  true
+    },
+    {
+        "Name":  "Ethernet0",
+        "InterfaceDescription":  "Intel(R) PRO/1000 MT Network Connection",
+        "Status":  "Not Present",
+        "State":  3,
+        "MacAddress":  "00-0C-29-E3-48-9B",
+        "LinkSpeed":  "0 bps",
+        "ReceiveLinkSpeed":  0,
+        "TransmitLinkSpeed":  0,
+        "Virtual":  false
+    }
+]

data/test/unit/mock/cmd/GetUserAccount

@@ -0,0 +1,33 @@
+{
+  "User": {
+    "Caption": "EXAMPLE\\Administrator",
+    "Description": "Built-in account for administering the computer/domain",
+    "Domain": "EXAMPLE",
+    "Name": "Administrator",
+    "LocalAccount": false,
+    "Lockout": false,
+    "PasswordChangeable": true,
+    "PasswordExpires": true,
+    "PasswordRequired": true,
+    "SID": "S-1-5-21-725088257-906184668-2367214287-500",
+    "SIDType": 1,
+    "Status": "OK"
+  },
+  "Groups": [{
+    "Caption": "WIN-K0AKLED332V\\Administrators",
+    "Domain": "WIN-K0AKLED332V",
+    "Name": "Administrators",
+    "LocalAccount": true,
+    "SID": "S-1-5-32-544",
+    "SIDType": 4,
+    "Status": "OK"
+  }, {
+    "Caption": "EXAMPLE\\Domain Admins",
+    "Domain": "EXAMPLE",
+    "Name": "Domain Admins",
+    "LocalAccount": false,
+    "SID": "S-1-5-21-725088257-906184668-2367214287-512",
+    "SIDType": 2,
+    "Status": "OK"
+  }]
+}

data/test/unit/mock/cmd/GetWin32Group

@@ -0,0 +1,23 @@
+[
+    {
+        "Caption":  "WIN-K0AKLED332V\\Administrators",
+        "Domain":  "WIN-K0AKLED332V",
+        "Name":  "Administrators",
+        "SID":  "S-1-5-32-544",
+        "LocalAccount":  true
+    },
+    {
+        "Caption":  "WIN-K0AKLED332V\\Users",
+        "Domain":  "WIN-K0AKLED332V",
+        "Name":  "Users",
+        "SID":  "S-1-5-32-545",
+        "LocalAccount":  true
+    },
+    {
+        "Caption":  "EXAMPLE\\Domain Admins",
+        "Domain":  "EXAMPLE",
+        "Name":  "Domain Admins",
+        "SID":  "S-1-5-21-725088257-906184668-2367214287-512",
+        "LocalAccount":  false
+    }
+]

data/test/unit/mock/cmd/PATH

@@ -0,0 +1 @@
+/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

data/test/unit/mock/cmd/Resolve-DnsName

@@ -0,0 +1,26 @@
+[
+    {
+        "IP4Address":  "134.170.185.46",
+        "Name":  "microsoft.com",
+        "Type":  1,
+        "CharacterSet":  1,
+        "Section":  1,
+        "DataLength":  4,
+        "TTL":  5,
+        "Address":  "134.170.185.46",
+        "IPAddress":  "134.170.185.46",
+        "QueryType":  1
+    },
+    {
+        "IP4Address":  "134.170.188.221",
+        "Name":  "microsoft.com",
+        "Type":  1,
+        "CharacterSet":  1,
+        "Section":  1,
+        "DataLength":  4,
+        "TTL":  5,
+        "Address":  "134.170.188.221",
+        "IPAddress":  "134.170.188.221",
+        "QueryType":  1
+    }
+]

data/test/unit/mock/cmd/Test-NetConnection

@@ -0,0 +1,4 @@
+{
+    "ComputerName":  "microsoft.com",
+    "PingSucceeded":  false
+}

data/test/unit/mock/cmd/auditctl

@@ -0,0 +1,7 @@
+LIST_RULES: exit,always syscall=rmdir,unlink
+LIST_RULES: exit,always auid=1001 (0x3e9) syscall=open
+LIST_RULES: exit,always watch=/etc/group perm=wa
+LIST_RULES: exit,always watch=/etc/passwd perm=wa
+LIST_RULES: exit,always watch=/etc/shadow perm=wa
+LIST_RULES: exit,always watch=/etc/sudoers perm=wa
+LIST_RULES: exit,always watch=/etc/secret_directory perm=r

data/test/unit/mock/cmd/auditpol

@@ -0,0 +1,2 @@
+Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
+WIN-K0AKLED332V,System,User Account Management,{0CCE9235-69AE-11D9-BED3-505054503030},Success,

data/test/unit/mock/cmd/brew-info-jq

@@ -0,0 +1 @@
+[{"name":"jq","full_name":"jq","desc":"Lightweight and flexible command-line JSON processor","homepage":"https://stedolan.github.io/jq/","versions":{"stable":"1.4","bottle":true,"devel":"1.5rc2","head":"HEAD"},"revision":0,"installed":[{"version":"1.4","used_options":[],"built_as_bottle":null,"poured_from_bottle":true}],"linked_keg":"1.4","keg_only":null,"dependencies":["bison"],"conflicts_with":[],"caveats":null,"requirements":[],"options":[]}]